Changes

Security/Sandbox

804 bytes added, 18:47, 15 May 2020
Add Socket Process to overview. Add level 6.
|style='text-align:center;' colspan="2"|enabled
|style='text-align:center;' colspan="2"|enabled
|-
|colspan="1"|[https://searchfox.org/mozilla-central/search?q=symbol:_ZN7mozilla21AbstractSandboxBroker32SetSecurityLevelForSocketProcessEv&redirect=false Windows (Socket)]
|style='text-align:center;' colspan="2"|Level 1
|style='text-align:center;' colspan="1"|Level 1
|style='text-align:center;' colspan="1"|Fx75
|style='text-align:center;' colspan="1"|Level 1
|style='text-align:center;' colspan="1"|Fx75
|-
| [https://dxr.mozilla.org/mozilla-central/search?q=SandboxBroker%3A%3ASetSecurityLevelForPluginProcess&redirect=true&case=true Windows 64bit (NPAPI Plugin)]
A 'level' value reflects unique sandbox security settings for each platform and process. Most processes only have two "active" levels: the current setting and a lower (previously released) setting. Level settings other than these two values carry no guarantee of altering security behavior; level settings are primarily a release rollout debugging feature.
 
DEPRECATION WARNING - The current level system will be replaced by a configuration system that allows for more fine-grained control over sandbox settings.
[1] Level 1 available but disabled due to various regressions with scrolling, see {{bug|1347710}}.
{| class="wikitable"
|-
! Sandbox Feature !! Level 3 !! Level 4 !! Level 5 !! Level 6
|-
| Job Level || [http://searchfox.org/mozilla-central/rev/6c2dbacbba1d58b8679cee700fd0a54189e0cf1b/security/sandbox/chromium/sandbox/win/src/job.cc#38 JOB_RESTRICTED] || JOB_LOCKDOWN || JOB_LOCKDOWN || JOB_LOCKDOWN
|-
| Access Token Level || USER_LIMITED || USER_LIMITED || USER_LIMITED || USER_LIMITED
|-
| Alternate Desktop || no || YES || YES || YES
|-
| Alternate Windows Station || no || no || no || no
|-
| Initial Integrity Level || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW
|-
| Delayed Integrity Level || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW || INTEGRITY_LEVEL_LOW
|-
| Mitigations ||
MITIGATION_IMAGE_LOAD_NO_LOW_LABEL<br>
MITIGATION_IMAGE_LOAD_PREFER_SYS32
||
MITIGATION_BOTTOM_UP_ASLR<br>
MITIGATION_HEAP_TERMINATE<br>
MITIGATION_SEHOP<br>
MITIGATION_DEP_NO_ATL_THUNK<br>
MITIGATION_DEP<br>
MITIGATION_EXTENSION_POINT_DISABLE<br>
MITIGATION_IMAGE_LOAD_NO_REMOTE<br>
MITIGATION_IMAGE_LOAD_NO_LOW_LABEL<br>
MITIGATION_IMAGE_LOAD_PREFER_SYS32<br>
Locked Down Default DACL
|-
| Delayed Mitigations ||
MITIGATION_STRICT_HANDLE_CHECKS<br>
MITIGATION_DLL_SEARCH_ORDER
||
MITIGATION_STRICT_HANDLE_CHECKS<br>
MITIGATION_DLL_SEARCH_ORDER
||
MITIGATION_STRICT_HANDLE_CHECKS<br>
MITIGATION_DLL_SEARCH_ORDER